DESIGN YOUR OWN SPACES

DISCOVER ALTTOGLASS

PRIVACY STATEMENT

General conditions:

ALTTOGLASS, S.A. It is a business name. For more information about our company, please consult the section on the website: https://www.alttoglass.com

With regard to personal data collected from users, the use and processing of said data will be in accordance with the provisions of Organic Law 15/1999, of December 13, on the Protection of Personal Data. The customer can exercise their rights of access, rectification and cancellation regarding their data, by going to the website: https://www.alttoglass.com.

An electronic copy will be kept for 5 years, according to the provisions of Law 34/2002, of July 11, on services of the information society and electronic commerce.

According to compliance with current regulations Organic Law Protection of Personal Data 13-12-199, BOE 12-14-1999; RD 1720/2007 21-12-2007 and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016

Your data will only be used for purposes provided by the mutual contractual relationship.

The Spanish law is applicable to this document so the parties submit to the Spanish Courts and Tribunals.

Legal notice and conditions of use

1. General considerations

This website, ALTTOGLASS, S.A. is, hereinafter referred to as “this website”. Our terms of use apply to the use of this website. By using this website you agree to be bound by these terms of use. This website complies with the communication duty established by the Personal Data Protection Act (LPDP).

2. Terms of use

ALTTOGLASS, S.A. recommends that users of this website activate the Internet settings necessary for the optimal use of this website.

The entire content of this website is the exclusive property of ALTTOGLASS, S.A. The intellectual property rights, including the copyright associated with this website, as well as all materials and all trademarks available in all sub-domains are the property of ALTTOGLASS, S.A.

All information and materials, including, but not limited to, the software, texts, data, graphic representations, illustrations, sounds, videos, logos, icons or html codes and other encryptions of this website may not be published. , modified, copied, reproduced, or edited in any way outside the environment of this website without the prior consent of ALTTOGLASS, S.A. The violation of the rights of this website may be punished. It is not allowed to edit this website or any part of it for personal use or for third parties through media.

ALTTOGLASS, S.A. sreserves the right to block user access to this website and / or linked services for well-founded reasons (for example: violation of the conditions of use, attempted fraud, etc.).

ALTTOGLASS, S.A. reserves the right to change or renew the conditions of use of this website at any time without obligation to inform its users in advance. You are bound at all times by the current conditions of use at all times

3. Legal notice.

ALTTOGLASS, S.A. will not be liable for damages and losses of any kind arising from the use or inability to use this website.

The greatest attention is devoted to the construction and maintenance of this website. Even so, it is possible that information is missing, or that the information presented is incomplete or inaccurate. The information about products and / or services related to the purposes of the company.

May 2018

DECLARATION OF PRIVACY OF: ALTTOGLASS, S.A.

This is the privacy statement of ALTTOGLASS, S.A. In this privacy statement we explain how we collect and use your personal information.

Last update: May 2018

1. When does this privacy statement apply?

2. Who is responsible for your data?

3. What data do we collect and how?

4. How do we use your data?

5. What third parties have access to your data?

6. How do we secure your data and how long do we keep it?

7. How can you exercise your legal rights?

1. When does this privacy statement apply?

This privacy statement applies to each and every personal data relating to you that we collect, use, share and store when you make a query or purchase any of our articles, when you visit our website or when you contact US.

This privacy statement was modified recently, in May 2018, and replaces previous versions. We may modify this privacy policy at any time and notify you of the appropriate changes by publishing the same revised on this web page

2. Who is responsible for your data?

ALTTOGLASS, S.A. is responsible for the collection and use of your personal data as described in this privacy policy. If you have questions, comments or complaints about the use of your personal data by ALTTOGLASS, S.A., contact our services on the website: https://www.alttoglass.com

3. What data do we collect and how?

We collect a category of data relating to you:

(1) (1) Name, contact information and email.

1. Name and contact information

This website receives the data that the user wants to put in the “Contact” section of the “contact us” tab, previous acceptance of this Data Privacy Statement”.

4. How do we use your data?

ALTTOGLASS, S.A. uses your data for three purposes:

(1) to offer our services and keep in touch with you,

(2) to investigate and improve our services,

(3) to carry out our administration tasks and comply with the corresponding legislation and regulations.

1. To offer our services and keep in touch with you.

To maintain contacts. If you have previously registered.

2. To investigate and improve our services

We investigate trends on how visitors and customers use our services, our website, our customer service. We do this to understand in depth the behavior and preferences of our visitors and customers and thus be able to improve our services, the contents of our website and our customer service.

The names, email addresses and information that can lead to specific people are not analyzed, since we are only interested in general trends. We also do not use sensitive data.

3.To carry out our administration tasks and comply with the corresponding legislation and regulations.

We use your personal data to perform internal management tasks, such as record keeping, and compliance with our legal and tax obligations.

We collect and use your personal data to offer you services, comply with our legal obligations, in our legitimate.

If we process your personal data in our legitimate interest or in the interest of third parties, we will take your privacy interests into account in order to reach a balance between all of them. We will take measures to safeguard your privacy interests and avoid unnecessary damages, as appropriate. Our legitimate interests could be related, for example, to security or the provision of services.Whenever we process your personal data in our legitimate interest you may object by appealing to your personal situation

5. How do we secure your data and how long do we keep it?

ALTTOGLASS, S.A. has taken technical and organizational security measures to protect your data against possible losses or illegal uses.

We keep your data for the time necessary to achieve the objectives as specified in this privacy policy, but in general we do not keep them for more than five years from your last interaction with us unless it is necessary to comply with our obligations legal or in case of future disputes. When we no longer need your data, we will destroy it or turn it into anonymous data so that it can not be linked to you in any way.

6. How can I exercise my legal rights?

You can contact our customer service to exercise any of the rights that have been conferred by the data protection laws in force, this is: (1) right of access, (2) right of rectification, (3) right of elimination, (4) right to the restriction of the processed, (5) right to portability and (6) right of objection to the defendant. Please note that we may ask you to provide additional information to verify your identity. As a copy of the DNI.

1. Right of access

You can ask us if we process some of your personal data or not, and if so, you can request access to said data in the form of a copy. To comply with a request for access, we will also provide you with additional information, such as the purpose of the processing, the categories of personal data affected and any other information necessary for you to exercise this right.

2. Right of rectification

You have the right to rectify your data in case they are inaccurate or incomplete. Upon request, we will correct those personal data that are inaccurate and, for the purposes of processing, we will complete those personal data that are incomplete, which could imply the provision of a supplementary declaration

3. Right of elimination

You also have the right to delete your personal data, which implies the deletion of the same by our organization and, whenever possible, any other controller to which we have communicated your information. The deletion of your personal data will only take place in certain cases established by law and stipulated in article 17 of the GDPR. These include situations in which your personal data are no longer necessary with respect to the initial purpose for which they were processed, as well as situations in which the illegal processing of them has occurred. Given the way we provide certain services, it could take some time to delete the backup copies.

4. Right to restriction of processing

You have the right to the restriction of the processing of your personal data, which means that we will suspend the processing of the same for a certain period. Among the situations that may give rise to this right are those in which the accuracy of your personal data has been compromised, but we will need time to verify its inaccuracy. This right will not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted.

5. Your portability right implies that you can ask us to provide you with your personal data in a structured way and in a standard automated reading format and that we transmit them directly to another controller, whenever technically possible. Upon request and whenever technically possible, we will transmit your personal data directly to the other controller.

6. Right to object.

You also have the right to object to the processing of your personal data, which means that you can ask us not to continue processing your personal data. This only applies if the 'legitimate interests constitute a legal basis for processing (see section 4).

You can always exercise this right simply by revoking the consent you have given previously by entering our website: https://www.alttoglass.com.

If you exercise this right, we will not continue to process your personal data for this purpose.

There may be situations in which we are able to restrict your rights as described in this section. In any case, we will carefully evaluate if said exemption is applicable and we will inform you about it.

Thus, for example, we can deny you access when it is necessary to protect the rights and freedoms of other people or refuse to erase your personal data if your processing is necessary to comply with our legal obligations. The right of portability, for example, does not apply in case of personal data not provided by you or if we process data for which we do not need your consent or to formalize a contract.

You can also contact us if you have questions, comments or complaints regarding this privacy policy on the website: https://www.alttoglass.com.If you have questions, you also have the right to file a complaint with the competent Data Protection Authorities.

ACCEPT

X

COOKIES POLICY

Cookie is a file that is downloaded to your computer when you access certain web pages. Cookies allow a web page, among other things, to store and retrieve information about the browsing habits of a user or their equipment and, depending on the information they contain and the way they use their equipment, they can be used to recognize to user. The user's browser memorizes cookies on the hard disk only during the current session occupying a minimum memory space and not harming the computer. Cookies do not contain any kind of specific personal information, and most of them are deleted from the hard drive at the end of the browser session (the so-called session cookies).

Most browsers accept cookies as standard and, independently of them, allow or prevent temporary or stored cookies in security settings.

Without your express consent - by activating the cookies in your browser - the web page you have just accessed will not link in the cookies the data stored with your personal data provided at the time of registration or purchase.

What types of cookies does this website use?

– Technical cookies: Are those that allow the user to navigate through a web page, platform or application and the use of different options or services that exist in it, for example, control traffic and data communication, identify the session, access restricted access parts, remember the elements that make up a navigation, make the registration request.

The User expressly accepts, for the use of this Site, the treatment of the information collected in the manner and with the aforementioned purposes. And it also recognizes to know the possibility of rejecting the treatment of such data or information rejecting the use of Cookies by selecting the appropriate configuration for this purpose in your browser. Although this option to block cookies in your browser may not allow full use of all the functionality of the Website.

You can allow, block or delete the cookies installed on your computer by configuring the browser options installed on your computer:

At the beginning of the web page, the text of the cookie policy should appear before loading any cookie and before any navigation can be started.

For more information about cookies and their use read the following text:

The rules of use of cookies.

1. Scope of the rules.

The second section of article 22 of the LSSI establishes:

2.Service providers may use data storage and retrieval devices in terminal equipment of recipients, provided that they have given their consent after they have been provided with clear and complete information on their use, in particular, on the purposes of data processing, in accordance with the provisions of Organic Law 15/1999, of December 13, on the Protection of Personal Data.

When technically possible and effective, the consent of the recipient to accept the processing of the data may be facilitated by using the appropriate parameters of the browser or other applications, provided that it must proceed to its configuration during installation or update through an action Express for that purpose.

The foregoing shall not prevent the possible storage or access of a technical nature solely for the purpose of transmitting a communication over an electronic communications network or, to the extent strictly necessary, for the provision of a service of the information society. expressly requested by the recipient.

Consequently, the information in this text will be useful to those cases to which the second section of Article 22 of the LSSI is applicable, in accordance with the provisions of Chapter II of the LSSI itself entitled “Scope of application”

In particular, it should be specified that, in accordance with the precept transcribed,

it applies to any “storage and retrieval devices of data “in any” terminal equipment of the recipients “and that the Annex of the aforementioned LSSI defines as” Recipient of the service or recipient “the” natural or legal person who uses, whether or not for professional reasons, a service of the society of Information”.

Thus, article 22 of the LSSI and the present text refer to the installation of cookies and similar technologies used (such as local shared objects or flash cookies, etc.) to store and retrieve data from a terminal equipment (for example, a computer, a mobile phone or a tablet) of a natural or legal person who uses, whether or not for professional reasons, a service of the information society.

In any case we allow ourselves to remember that when the installation and / or use of a cookie entails the processing of personal data, those responsible for such treatment must ensure compliance with the additional requirements established by the regulations on protection of personal data, in particular in relationship with specially protected data.

Likewise, it is convenient to remember the need to adopt additional precautions in this area in relation to minors.

Finally, in order to determine the scope of the regulations and this text it is necessary to point out that the cookies used for any of the following purposes are exempt from compliance with the obligations established in article 22.2 of the LSSI:

• Allow only communication between the user's equipment and the network.

• Strictly provide a service expressly requested by the user.

In this sense, the Working Group of Article 29 in its Opinion 4/2012 has interpreted that among the excepted cookies are those that have the purpose:

• Cookies «user input».

• Authentication or user identification cookies (session only).

• User's safety cookies.

• Multimedia player session cookies.

• Session cookies to balance the load.

• Customization cookies for the user interface.

• Complement cookies (plug-in) to exchange social content.

Therefore, it can be understood that these cookies are excluded from the scope of application of article 22.2 of the LSSI, and therefore, it would not be necessary to inform or obtain the consent

about its use. On the contrary, it will be necessary to inform and obtain the consent for the installation and use of any other type of cookies, both first and third, session or persistent, being subject to the scope of application of article 22.2 of the LSSI and, on which the orientations of this text will be useful.

The aforementioned opinion indicates that in order for a cookie to be exempt from the duty of informed consent, its expiration must be related to its purpose. Because of this, session cookies are much more likely to be considered as persistent than persistent cookies.

In any case, it must be taken into account that the same cookie can have more than one purpose, so there is the possibility that while for a purpose or treatment the cookie is exempt from the scope of application of article 22.2 of the LSSI, it is not is for other purposes, being subject to the scope of application of said precept.

For example, cookies used to detect erroneous and repeated attempts to connect to a website.

2. Terminology and definitions

For the purposes of this text it is useful to define a series of concepts in advance.

A. Intervening elements

i. Cookie.

The LSSI is applicable to any type of file or device that is downloaded to a user's terminal equipment for the purpose of storing data that can be updated and retrieved by the entity responsible for its installation.

The cookie is one of those devices widely used so, from now on, we will generically refer to these devices as cookies.

These files allow the storage in the user's terminal of data quantities ranging from a few kilobytes to several Megabytes.

Next, a classification of the cookies is made according to a series of categories. However, it is necessary to take into account that the same

Cookie can be included in more than one category.

1. Types of cookies according to the entity that manages them.

Depending on who is the entity that manages the equipment or domain from where it is

send cookies and treat the data obtained, we can distinguish:

– Own cookies: These are those that are sent to the user's terminal equipment from a computer or domain managed by the editor itself and from which the service requested by the user is provided.

– Third party cookies: These are those that are sent to the user's terminal equipment from a computer or domain that is not managed by the publisher, but by another entity that processes the data obtained through the cookies.

In the event that cookies are installed from a computer or domain managed by the publisher itself but the information collected through them is managed by a third party, they can not be considered as own cookies.

2. Types of cookies according to the period of time they remain activated.

According to the period of time that remain activated in the terminal equipment

we can distinguish:

– Session Cookies: They are a type of cookies designed to collect and store data while the user accesses a web page.

– Persistent cookies: They are a type of cookies in which the data is stored in the terminal and can be accessed and processed during a period defined by the person responsible for the cookie, which can range from a few minutes to several years.

3. Types of cookies according to their purpose.

Depending on the purpose for which the data obtained through cookies are processed, we can distinguish between:

– Technical cookies: Are those that allow the user to browse through a web page, platform or application and the use of different options or services that exist in it.

– Personalization cookies: These are those that allow the user to access the service with some predefined general characteristics based on a series of criteria in the terminal.

– Analysis Cookies: These are those that allow the person in charge of them to monitor and analyze the behavior of the users of the websites to which they are linked. The information collected through this type of cookies is used in the measurement of the activity of the websites, application or platform and for the elaboration of navigation profiles of the users of said sites, applications and platforms, in order to introduce improvements in function of the analysis of the data of use made by the users of the service.

Some publishers, in addition to providing a service to users, offer, acting as supports, by themselves or with the help of one or more third parties, advertising spaces to advertisers for whose management the use of cookies is necessary.

In light of this definition we can observe the double role or function that an editor can develop.

Acts as a provider of a service to the user, for whose provision the use of cookies may be necessary.

When acting as a support, it may also offer advertisers advertising spaces that will be managed either by the same publisher or by one or more entities simultaneously, by using technologies that may require the use of cookies for their operation

i. Advertiser

It is the entity whose products, services or image are advertised through the advertising spaces that are available, where appropriate, the editors on their pages or other applications from which they provide services to users. In this sense, it acts as a plaintiff of advertising space.

Frequently, the editor also often acts as an advertiser. In these cases, the publisher acts as an advertiser from the moment in which to perform

advertising of the service provided to users uses the advertising spaces that other publishers make available.

ii. Advertising agencies and media agencies

They are entities that are responsible for the design and execution of advertising, as well as the creation, preparation or programming of advertising campaigns of advertisers, acting on behalf of and on behalf of these in the contracting of advertising spaces. In this sense, it is also You can consider them as plaintiffs of advertising space for advertisers.

iii. Advertising networks

They are a set of entities that, acting directly or indirectly on behalf of one or more publishers, also offer advertisers, or indirectly through other claimants, such as advertising agencies, the possibility of obtaining advertising space or some type of concrete result such as clicks, sales or records, through the management and processing of data obtained from the use of cookies downloaded or stored in users' terminal equipment, when they access the services provided by the publisher.

The purpose of the work of these entities is to carry out, in the best possible way, the management of the inventory of advertising spaces, whose ownership corresponds to the publishers, in a way that converges with the demand of the advertisers.

It is the publisher who decides whether all or part of the inventory, which is available, is managed by an entity exclusively or by several entities simultaneously based on the criteria established.

This type of entities usually make an aggregation of the offer of the advertising spaces and the inventories of several publishers.

Some of these entities collect, through the cookies they manage, information on the browsing habits of users who access the services or pages offered by any of the publishers they represent.

The data is collected with the purpose that the dissemination of advertising pieces of the advertisers is as efficient as possible. For this, they analyze the habits of the users in

Internet in order to offer the most appropriate advertising to the interests associated with your browsing profile.

This type of entities act on the supply side, as bidders of spaces, in the name and representation, directly or indirectly of one or several publishers.

Although this type of entities show their clients in an aggregated way the data obtained as a result of the use of cookies, it will be necessary to inform and obtain the consent of the users for the collection of said data and its aggregation and subsequent treatment with the purpose of managing the offer of the spaces of the editors. Generally it will be done from the web page of the editors who use this type of own or third party cookies.

To carry out the management of these advertising spaces in the most efficient way possible, different types of equipment, technologies, programs or management applications are used, such as adServers, adExchanges, etc. that deal with adServer (Ad Server):

Adservers are programs or management platforms used to manage the publisher's ad inventory. For this, third-party cookies are usually used, so that these cookies are sent to the user's terminal equipment, not real time, so that advertising pieces of the advertisers are included in the publishers' advertising spaces automatically, function of the criteria that are established in each case.

Finally, it is also necessary to point out that this management work is often subcontracted totally or partially to other companies specialized in the development of the necessary actions for the management of advertising spaces.

iv. Analysis and measurement companies.

They are entities that measure and / or analyze the behavior of user navigation on the web page of an editor, acting on their behalf and representation, through the analysis of the data obtained with the use of cookies in order to improve the service provided by the editor.

Generally for the provision of this type of services are used what are called 'third-party cookies', ie, cookies that are sent to the user's terminal equipment not from a computer or domain managed and controlled by the publisher but from a computer or domain managed by the entity that performs the analysis of the data.

Given the multiplicity of intervening entities, it will be up to each of them to analyze the work they carry out to position themselves in one or another role in order to determine the responsibility they incur and to comply with the obligations established in the regulations and developed in this guide.

Obligations of the parties.

The legal obligations imposed by the regulations are two, namely: the duty of information and the obtaining of consent.

Prior to the study by the entities involved in the most appropriate solutions to comply with the aforementioned obligations (according to the nature of their activity, the business model they develop and the scope of their responsibility), it is recommended that they carry out a review of the cookies that are used, either internally or with the advice of associations or specialized entities. This review will be from a domain managed and controlled by the editor itself, but from one managed by the adserver. adExchange (Ad Exchange): Computer system that allows automated auctioning of advertising spaces by publishers that advertisers and other authorized agents request. The auction is done in real time using the criteria established by both parties so the participating entities do not know, until it is shown, what will be the advertising that will be displayed in a space auctioned through this infrastructure.

The adexchanges may or may not use cookies depending on the configuration set by the publisher as a goal to identify the cookies that are being installed or used, analyzing whether they are own or third party cookies, session or permanent and, specifying their function to decide if they are or are not within the scope of article 22.2.

Taking into account the possible changes that may occur in the management and use of cookies, it is advisable to periodically make this revision in order to update the information available about them.

In this context, it must be specifically assessed if the installation of persistent cookies is necessary since the risks to privacy could be reduced by the use of session cookies. In any case, when persistent cookies are installed, their temporary duration must be reduced to the minimum necessary, depending on the purpose of their use.

In any case, we remind the convenience that the solutions that are implemented to comply with the obligations of art.22.2 LSSI must be technologically neutral and, therefore, must be solutions that most browsers recognize.

A. Duty of information.

i. What information should be provided.

The second section of Article 22 of the LSSI establishes that users should be provided with clear and complete information on the use of data storage and retrieval devices and, in particular, on the purposes of processing the data, in accordance with the provisions of Organic Law 15/1999, of December 13, on the protection of personal data.

Therefore, the information on the cookies provided at the time of requesting consent must be sufficiently complete to allow users to understand the purpose for which they were installed and to know the uses that will be given to them.

In the event that a user gives their consent to the use of cookies, information on how to revoke the consent and eliminate cookies must be available to them in an accessible and permanent manner.

In addition to providing the necessary information so that users can provide, at the required time, a valid consent, it is advisable that the aforementioned information, and in particular that relating to the form through which they can manage the cookies, be at their available in an accessible and permanent way at all times through the website from which the service is provided.

ii. How that information should be displayed.

The Working Group of Article 29 has established in its Opinion 15/2011, with the objective of guaranteeing adequate information, two requirements that affect, on the one hand, the quality of the information and, on the other hand, the accessibility and visibility Of the same.

First, in relation to the quality of the information provided, it is recommended:

– Take into account the type of average user to which that web page is directed and adapt the language and content of the messages to their technical level. The lower the technical level of the average user of that web page, the easier it must be to use the language (avoiding technical terminology that is not very comprehensible) and the more complete the information that is offered, based on the most basic aspects of what cookies are and how they work.

In any case, this lower technical level should not be an obstacle for the information provided to be as clear as possible, avoiding overloading the information with unnecessary details that make it cumbersome to read.

On the contrary, if the users to whom the website is directed enjoy a high level of knowledge about the Internet, it may not be necessary to provide basic information about what cookies are and how they work, although they must include information in any case detailed information about what type of cookies are used on that page and for what purposes.

At the present time, it should be assumed that the level of knowledge of users about cookies and their management is very limited.

– Take into account the design and mechanics of the website. The better the information that is offered about cookies fits with the rest of the contents of the website and its operating mechanics, the more likely it is that this information will be read by users.

Second, in relation to the accessibility and visibility of the information on cookies can be enhanced in the following ways:

– Through the format of the link: For example, increasing the size of the link to the information or using a different source that distinguish that link from the normal text of the web page and other links.

– Through the positioning of the link: The location of the link in areas that attract the attention of users can help ensure accessibility and visibility.

– Through the use of a descriptive and intuitive name for the link: The use of an explanatory expression such as “Cookies Policy”, instead of a more general expression such as “Privacy Policy” to improve accessibility and visibility of the message.

– Through other techniques that help highlight the importance of this informative link, such as framing or underlining the link, displaying a warning when the mouse pointer passes over the link or using an image or icon that can be clicked and that encourages you to look for more information.

“Informing users and obtaining their consent is not something new on the Internet. Most websites know which methods to use to attract users attention to the information they wish to highlight, such as in the case of promotions, offers or satisfaction surveys, and to obtain the consent of their users, even if in other contexts (changes in the terms and conditions of use, confirmation of purchases or verifications of minimum age required).

The way in which the consent of users is reported and obtained should take advantage of the experience gained through these methods.

In any case, mandatory information may be offered through multiple systems. As we will see later, generally with these means not only the necessary information will be provided, but also the user's consent for the installation of the devices can be requested.

Among the most common methods we highlight:

a. The supply of information through a header bar or in the footer, in a sufficiently visible manner.

b. When applying for a service, or before downloading a service or application, this information may be provided together with the privacy policy, or in the terms and conditions of use of the service.

In order to maintain the visibility of information about cookies, it must be highlighted and separated (through a different hyperlink, for example) from the rest of the information on terms and conditions of use or privacy policy.

In case it is necessary to obtain the consent for the installation of the cookies by already registered users (that is to say, they are already registered in the service) they will have to be informed in a verifiable way about the changes made in relation to the treatment of the cookies and that in case they continue using the service it will be understood that they consent to the installation of the same.

In both cases, it will also be possible to provide the information and obtain the consent through conventional means (off-line), as long as there is proof that the users have been informed individually and have provided their consent.

The information by layers.

This system consists in showing the essential information in a first layer, when the page or application is accessed, and completing it in a second layer through a page in which additional information about the cookies is offered.

1. The following information would be included in the first layer:

• Warning of the use of non-excepted cookies that are installed when browsing this page or when using the service requested.

• Identification of the purposes of the cookies that are installed.

Information on whether the installation and use of cookies will be only the editor responsible for the web, or also third parties associated with it.

• In your case, warning that if a certain action is carried out, it will be understood that the user accepts the use of cookies.

• A link to a second information layer in which more detailed information is included.

This information will be provided through a format that is visible to the user and must be maintained until the user performs the action required to obtain consent.

EXAMPLE:

We use our own and third-party cookies to improve our services and show you advertising related to your preferences by analyzing your browsing habits. If you go on surfing, we will consider you accepting its use.

You can change the settings or get more information here.

As you can see, this example offers information about the use by the editor and third parties of analytical and behavioral advertising cookies.

The cookies used should be analyzed in order to adapt the information to each particular situation.

2. The following information would be included in the second layer:

• Definition and function of cookies

EXAMPLE:

What are cookies? A cookie is a file that is downloaded to your computer when you access certain web pages. Cookies allow a web page, among other things, to store and retrieve information about the browsing habits of a user or their equipment and, depending on the information they contain and the way they use their equipment, they can be used to recognize to user.

• Information through a table or list about the type of cookies used by the website and its purpose.

EXAMPLE:

What types of cookies does this website use?

• Analysis cookies: those that are well treated by us or by third parties, allow us to quantify the number of users and thus perform the measurement and statistical analysis of the use made by users of the service offered. To do this, we analyze your browsing on our website in order to improve the offer of products or services we offer you.

• Advertising Cookies: These are those that, well treated by us or by third parties, allow us to manage in the most efficient way possible the offer of the advertising spaces that are on the website, adapting the content of the advertisement to the content of the requested service or to the use you make of our website. For this we can analyze your browsing habits on the Internet and we can show you advertising related to your browsing profile.

• Information on how to deactivate or eliminate the cookies listed through the functionalities provided by the editor, the tools provided by the browser or the terminal or through common platforms that may exist, for this purpose, as well as the form of revocation of consent already rendered.

EXAMPLE:

You can allow, block or delete the cookies installed on your computer by configuring the browser options installed on your computer.

• Information on the identification of who uses cookies, that is, if the information obtained by cookies is treated only by the publisher and / or also by third parties with whom the publisher has contracted the provision of a service for which the use of cookies, with identification of the latter.

B. Obtaining consent.

i. Consent as the basis for compliance with regulations.

For the installation and use of non-excepted cookies it will be necessary in all cases to obtain the user's consent. This consent may be obtained through express formulas, such as by clicking on a section that indicates 'I consent,' 'I agree,' or other similar terms. It can also be obtained by inferring it from a certain action carried out by the user, in a context in which the latter has been provided with clear and accessible information about the purposes of the cookies and whether they are to be used by the same publisher and / or by

third parties, so that it is understood that the user accepts that cookies are installed. In any case the mere inactivity of the user does not imply the provision of consent by itself.

For this consent to be valid it will be necessary that the consent has been granted in an informed manner.

Therefore, it is necessary Consider.

1. That the modalities of providing consent may be varied.

Obtaining consent through a user's 'click' or similar behavior will undoubtedly facilitate proof that it has been obtained. This formula may be more appropriate for registered users.

The obtaining of the consent that is inferred from a behavior of the users is admissible, but it can present greater difficulties of proof on its obtaining. This will depend, fundamentally, on the clarity and accessibility of the information that has been offered to obtain them.

2. That the user must have made some kind of conscious action and

positive from which the user's consent can be inferred.

3. That the user must have been informed in advance and clearly of what specific action will be interpreted in the sense that he accepts the installation and use of cookies.

For example, it should be clearly informed in those cases in which the request by the user of a service is interpreted in turn as an expression of their agreement so that, in addition to providing the service, they can store or access the information on the user's device.

4. That the user, in any case, may refuse to accept cookies, even in those cases in which as a consequence of such a negative the functionality of the web page is limited or not possible.

ii. Who must give consent.

In accordance with section 2 of article 22 of the LSSI, consent must be given by the 'recipients' of the services of the society of the

information.

In accordance with section d) of the Annex to the LSSI by 'Recipient of the service or recipient' should be understood 'the individual or legal entity that uses, whether or not for professional reasons, a service of the information society.' And according to the definitions made in the corresponding section, the term recipient coincides with the user, which is the one used in this guide.

iii. Modalities of obtaining consent

The determination of which method will be appropriate to obtain the consent to use cookies will depend on the type of cookies that will be installed, their purpose, and whether they are their own or that of third parties. One aspect to consider is whether the relationship with the user is the editor or third parties.

In this sense, it must be indicated if the consent is provided only for the web page in which it is being requested or if it is also provided for other web pages of the same publisher or even for third parties associated with the publisher within the framework of the purposes of the cookies about which information has been offered.

There are, among others, the following mechanisms for obtaining consent:

• Through the acceptance of the 'Terms and conditions of use of the website' or its 'Privacy Policy' when applying for a service.

Another possible form of consent for the installation of Cookies is through the acceptance of the terms or conditions of use and / or the privacy policy of the website at the time a user requests registration in a service.

• During the process of configuring the operation of the web page or application (Settings-led consent)

Many web pages and mobile applications allow the user to configure the service, which can configure features such as language, font, background color, etc. Because of the specific characteristics of

applications, these also usually ask the user if they can access information from their terminal (such as agenda, to suggest friends, or photo album).

For this reason, another alternative form of consent for the installation of cookies can be configured during the process of election or specification by the

user of the features, leaving the consent integrated in the user's choice and remembering the chosen settings this one.

• At the moment when a new function offered on the website or application is requested (Feature-led consent)

Certain optional functions of a web page or application may require the use of cookies, for example, when a mail service remembers the account of the last user who accessed it.

In such cases, information may be provided about the cookies used at the moment in which the user must show his desire to use said function.

In the previous example, information could be provided next to the checkbox that the user must check to obtain the function (that the mail service remembers his account).

• Before the moment a service or application offered on the website is downloaded.

Another possibility of obtaining consent is before the time a service included in the website or in the application is downloaded (such as a video, image or game).

In such cases, if it is properly informed that the application for downloading such service or application involves the provision of consent for the installation of a specific cookie with specific purposes, and it carries out an action to perform the download of such service or application, you can interpret the user has given his consent for the installation of the corresponding cookie or cookies. When this cookie is provided by a third party, the user must be informed, providing information about the purposes of the third party's cookies, so that the user can make an informed decision.

It should be remembered that in the event that a web page offers audiovisual content, they are part of the service expressly requested by the user, being therefore exempt from the duty to require such consent to display such content.

• Through the information format by layers. In the layer information format that we indicated above, the first layer, which contains the essential information, must also include the consent request for the installation of the cookies.

In cases where the user does not expressly indicate whether or not he accepts the installation of cookies, but continues to use the website or the application it could be understood that he has given his consent, provided that he has been clearly informed in this regard and At any time, a notice that permanently offers information on the use of cookies and the possibility of uninstalling them is offered at all times through the forms indicated in this guide.

For these purposes, and by way of example, it will be understood that consent has been given to continue browsing when after reporting the use of cookies:

(i) The user has used the scroll bar, as long as the information about the cookies is visible without making use of it;

(ii) The user has clicked on any link contained in the page.

The information that is offered in this first layer can be shown through a format that is visible to the user, such as a layer, a bar or through similar techniques or devices, taking into account that the location at the top of the page would better capture the attention of users.

In the terminals of reduced screen it will be possible to adapt the size and the content of first layer to the dimensions of the same one.

• Through the browser settings. Both the Privacy Directive and the LSSI suggest that the configuration of the browser could be one of the ways to obtain consent if it is used in a way that allows users to express their agreement with the installation of cookies in accordance with current legislation. and taking into account the findings of the Article 29 Working Group.

iv. When can cookies be installed?

Regarding the moment in which consent must be obtained for the installation of the cookie, it must be remembered that article 22 of the LSSI states that:

Service providers may use data storage and retrieval devices on terminal equipment of recipients, provided that they have given their consent after they have been provided with clear and complete information about their

use, in particular, for the purposes of data processing, in accordance with the provisions of Organic Law 15/1999, of December 13, on the Protection of Personal Data.

Consequently, the installation of the cookie may take place when the user has the mandatory information about the cookies and the form of obtaining the consent and it is provided in accordance with the indicated procedures.

In this sense, the installation of the cookies should be accompanied by an informed consent of the users for such installation, so that the

recipients have the opportunity to examine the information and decide whether or not to allow the implementation of these devices.

v. Obtaining consent for the use of cookies when an editor provides services through different pages.

The same publisher that provides different services through different domains

may through a single web page inform and obtain consent for the installation of cookies sent from other domains, which are owned and offer content or have similar characteristics, for the provision of the requested services by the user, provided that it is also informed of what was previously stated in the section on information, on which web pages or domains of ownership are to be installed from where the cookies will be installed, the type of cookies and the purposes for which that the consent of the user is processed and collected.

In the case that the pages through which an editor provides services offer contents or have characteristics that are not similar (for example: some of the pages contain content for adults), it will be necessary to adopt additional precautions.

vi. Changes in the use of cookies.

As a general rule, whenever a consent has been obtained validly it is not necessary to obtain it every time a user visits the same web page from which the service is provided again.

In any case, it is clear that if the characteristics or purposes of using cookies change after having obtained the consent, it will be necessary to inform users about these changes and allow them to make a new decision about such activities.

vii. Withdrawal of consent for the use of cookies

Users must be able to withdraw the consent previously granted at any time. To this end, the publisher must ensure that it provides information to users in its privacy policy on how consent can be withdrawn and cookies deleted.

In any case, the user may be informed of the consequences derived from the withdrawal of said consent, such as, for example, the impact that may have on the functionalities of the website.

viii. Possibility of denying access to the service in case of rejection of cookies.

There may be cases in which the non-acceptance of the installation of cookies prevents the total or partial use of the service, provided that it is reported

appropriately about the user.

However, access to the service can not be denied in case of rejection of cookies, in those cases in which such denial prevents the exercise of a legally recognized right to the user, since access to said website is the only means provided to the user. user to exercise such right. (Example, the withdrawal in a telephone service, Internet access or other).

4. Responsibility of the parties in the use of cookies.

The LSSI does not define who is responsible for complying with the obligation to provide information about cookies and obtain consent for their use.

It is necessary that the subjects involved in the installation and use of cookies collaborate to ensure compliance with established legal requirements.

Basically in the management of cookies and in the processing of the data obtained, the two situations described below are distinguished in

function of the purpose for which the data obtained through the use of cookies are processed.

a) The publisher or third parties use cookies for purposes other than the obligations to inform and obtain consent.

In those cases in which an editor offers users a service and all the

Cookies on its website are used exclusively for the purposes that it is not necessary to obtain the consent listed above, whether they are their own or that of third parties, it will not be necessary to report their use or obtain consent.

However, if you use third-party cookies to provide the service requested by the user, you must ensure contractually that these other entities or third parties do not treat the data for any other purpose than providing the service to the user, since in otherwise, it would be necessary to inform about these other purposes and obtain the consent.

b) The publisher or third parties use cookies for purposes not exempt from the obligations to inform and obtain consent.

In this case you can differentiate if they use first or third party cookies.

In the cases in which the publisher, through the use of its own cookies, treats the data for any purpose that is not exempt from the obligation to inform and obtain consent, it will be necessary to report on the purposes for which the data will be processed and Obtain the user's consent, through one of the forms established in this guide.

Likewise, when third-party cookies are used for any or some of the non-exempt purposes, both the publisher and the other entities involved in the management of the cookies will be responsible for ensuring that users are clearly informed about the cookies and purposes. for them to be treated and to obtain the required consent.

Generally, third-party cookies are downloaded to the user's terminal equipment because the editor, when designing the website, platform or application, envisaged the possibility of including third-party content that uses them or because it uses third-party software that requires them.

In any case, it must be borne in mind that in practice it is more difficult for entities that install third-party cookies, which do not have a direct relationship with the user, to achieve this, and that users will tend to send their concerns to the entity at the same time. that they can identify and with which they have a relationship, that is, the editor.

In this way, in such cases and in order to facilitate and ensure compliance with the obligations established in this area, when third-party cookies are installed, one or several contracts should be included in the contracts between the publishers and third parties. clauses in which it is ensured that the required information will be offered to the users and that the form through which a valid consent for the use of the cookies can be obtained will be articulated, as well as about the consequences of the revocation of the consent for the editor and, especially, for the third parties who obtained it through the editor.

We use our own cookies to improve our services and show you advertising related to your preferences by analyzing your browsing habits. If you go on surfing, we will consider you accepting its use. You can consult our Cookies Policy by clicking here